Need to call discord API with auth token to retrieve additional info

Im trying to figure out the best way to retrieve additional information from discord during the login flow. Im using an application instead of an API so as far as I can tell there is no way to make the discord API calls from inside the app (angular front end) with the valid user token.
So far I can successfully log in to my app using a discord sign-on.
Would the best approach be to use an action? I haven’t found any examples yet of making an API call during the login process. Any help would be appreciated!

Hi @nanaki658,

Thanks for reaching out to the Auth0 Community!

To make Discord API calls during the login flow, I recommend checking out the instructions in our How do I make an Axios API call and store it as a custom claim using Actions? FAQ on using an Action to call an API.

Please let me know if you have any questions about the implementation.

Thanks,
Rueben

Thank you for the response! Sadly this is not quite what I was looking for as I need the access token created by the login (in this case Discord) to use in the the header as Header: Bearer + accessToken.

Is there no way to access the token at this stage? My ultimate goal is to retrieve a little more user data to include as metaData before sending it along to the calling site. The extra data that is required is included in the “scopes” so the user is aware of having this data gathered.

Hi @nanaki658,

Thank you for your response and clarification.

Unfortunately, it is not possible with a Post-Login Action because they execute before issuing an access token. See the flow diagram below:

One possible way to get this to work is by making a request with the Discord API using the Client Credentials grant inside a Post-Login Action to get a Discord API access token, which you can use to query the Discord API’s Get User endpoint.

Then you can take the user_metadata from the Discord response and append it as a custom claim to the access token.

I hope the explanation was clear!

Please let me know how this works for you.

Thanks,
Rueben

I actually found a way to accomplish what I needed via RULES. I made the API call with AXIOS and added the Bearer + Token which was available in the user object to retrieve the data I needed before setting it as the app_metadata.
Is there a functional difference between app_metadata and user_metadata properties? Is there any reason I SHOULDN’T be using a rule for this functionality?

1 Like

Hi @nanaki658,

Thank you for your reply, and I am glad you got it working using Rules.

There is no functional difference between app_metadata and user_metadata properties, only a semantic difference.

The difference between app_metadata and user_metadata is that the first should be used for information about the user that is controlled by the application (e.g. the user identifier for a legacy system, or the roles a user has), whereas user_metadata is information that the user can view and control (e.g. user settings, preferences). [Reference: Differences between client_metadata and app_metadata).]

You should be completely fine with using a Rule for this functionality but, take note that Rules may be deprecated eventually. Because of this, I recommend reading this related community post that answers questions on the timeline on deprecating Rules.

May I help you with anything else?

Thanks,
Rueben

nope, that’s everything I needed. Thanks for the help!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.